upgrade: Avoid confussion.
Some people tend to skip over entries in UPDATING and miss important details.
Convert REMOVE_OPENSSL_FILES to an action that actually warns user about it.
Files being removed(optionally) are peformed as a last step in make upgrade
step in constrast to standard TO_REMOVE that does it before updating /etc/ dir.
It should be assumed that users are allowed and will use REMOVE_DEPRECATED=yes
in their /etc/make.conf, so anything requiring user intervention should still
go in etc/Makefile: upgrade_check: target (like it already does for mailers).
Addition is not a magic fix for all problems and should be used responsibly!
While there, convert old pam removal using csh to plain TO_REMOVE.
Approved-after-very-long-discussions-by: swildner

world: Honour the NO_SHARE in make.conf2017-11-05T16:53:10Zzrjrimvydas.jasinskas@gmail.comzrjzrj@dragonflybsd.org2017-11-05T16:53:10Zhttp://gitweb.dragonflybsd.org/dragonfly.git/commitdiff/bf31779ebd1f71a97f4d80b3b4755ef7dc3be8a4

world: Honour the NO_SHARE in make.conf
Mark all cases that touch ${DESTDIR}/usr/share in one way or another.
While there, adust libmagic to use MAGICSHAREDIR instead of FILESDIR.
In-discussion-with: swildner

installer: Fix the "missing /var/run/sem" issues better.
* Add -C to the tmpfs mount of /var/run on the USB image. This
ensures that the USB image itself keeps the ppp/, sem/, and
wpa_supplicant/ dirs under /var/run.
* Since we do not cpdup /var/run explicitly during installation
it ends up empty on the installed system. Ensure that it has
the subdirectories it needs by running mtree on /var.
* It looks like the 1e5a476188185cf1161f4fe3ffc060465562ef0d
change could be reverted because the issue never was that
/var/run/sem wasn't existing _after_ make upgrade. The mtree
in the preceding installworld takes care of it. It doesn't
hurt either, so just shuffle the commands a bit downwards.

Adjust various things after the removal of secure/.2016-11-06T23:08:49ZSascha Wildnersaw@online.deSascha Wildnersaw@online.de2016-11-06T23:08:49Zhttp://gitweb.dragonflybsd.org/dragonfly.git/commitdiff/3b5eca529baf58ea74a485139963552cc4c1d977

Adjust various things after the removal of secure/.
* Fix etc/Makefile: This brings back installation of /etc/ssh_config
and /etc/sshd_config to our IMG/ISO.
* Add back DES and Blowfish functions to libcrypt.
* Remove installation of CA.pl/CA.sh. They don't seem to be part of
LibreSSL.
* Remove obsolete paths from whereis(1).
* Adjust hier(7) manual page.
* Adjust openssh upgrade instructions.
* While here, fix a typo in Makefile.ssh.common.

build - Remove openssl from base (is now permanently replaced by ressl)
* Remove openssl and related code that previous commits by John Marino
replaced with libressl. Remove build hooks, base now only uses libressl.
* Remove crypto/openssl. This has been replaced by the openssl
implementation from ressl.
* Remove lib/libcrypto. This has been replaced by lib/librecrypto which
generates a private_crypo library only used by base.
* Remove lib/libssl. This has been replaced by lib/libressl which
generates a private_ssl library only used by base.
* NOTE: In addition, John has been working on updating dports to ensure
that only the ports-based libssl and libcrypto (both nominally
implemented via ressl and not openssl), and that dports packages
no longer have any chance of using the private versions of these
libraries from base.

build - Rewire secure, remove conflicts from libmd, libcrypt
* Remove /usr/src/secure, folding all of its subsystems into
/usr/src. There's no point having a /usr/src/secure any more,
the system won't run without the secure stuff, the idea that some foreign
actor could segregate it in order to legally download code without crypto
is absurd on the modern internet, and the U.S. government stopped caring
decades ago.
* Remove conflicts from libmd and libcrypt. Essentially this removes
the SHA*_*() and MD5_*() APIs from libmd because these APIs already
exist in lib[re]ssl.
The older SHA*() and MD5*() APIs are partially retained for legacy base
code, but will be removed in a later stage (moved to direct-linking the
needed support source).
Conflicting routines in libcrypt have been renamed and internalized to
be libcrypt-only.
* Major rewiring of the Makefile's to support the changes.

Switch base to use private LibreSSL libaries
All base users of the OpenSSL libraries (libssl.so and libcrypto.so) have
been modified to link against the new LibreSSL versions instead.
The OpenSSL libraries are still built by default, but nothing in base will
use them. However, its certain that a myriad of dports link to OpenSSL
although this may change in the future.
The OpenSSL library building can be suppressed by putting NO_OPENSSL in
/etc/make.conf. The existing OpenSSL libraries and headers are not (yet)
removed, however, even with that setting.

Remove NO_OPENSSH variable functionality
There doesn't seem to be a legit use case for building with OpenSSL but
without ssh. Remove the ability to do so to simplify makefiles which
also has the benefit of reducing the number of make.conf options.
The ssh program and openssh private library only consume about 2Mb.

Remove am-utils, the Berkeley automounter suite (amd, amq, etc.)
We recently got FreeBSD's autofs(5) which replaces it. FreeBSD
added notes to their am-utils and related manual pages saying
that it is obsolete and advises to use autofs(5) instead.
DragonFly's port of it is almost surely broken and the last time
I heard from someone trying to get it to work was in 2013 and
back then it just hung (in select(), according to my notes).
So I don't think removing instead of trying to fix it will do
any harm.

drm: Create device entries with the "video" group
* Add a new "video" group with id 44
* Make the drm subsystem create /dev/dri/card* devices with this
new group
* FreeBSD and many Linux distributions already do the same thing
Suggested-by: Koop Mast
Partially-obtained-from: FreeBSD

libc - Add 'xlink' chflags
* Add the xlink flag. This will be used by hammer2 to demark boundaries
where cross-link hardlinks will not be allowed. In otherwords, this tells
hammer2 how far up the directory tree it has to store the inode used for
a hardlink.
* Automatically set the xlink flag for /*, /usr/*, and /var/*.
* Note that for the case where all hardlinks are situated in the same
directory, hammer2 will place the hardlink inode in that directory.
It is when hardlinks cross directories that hammer2 has to emplace the
target inode in some parent directory where it can find it. This is
where the xlink flag helps.
It is not required to use the xlink flag, but if you have cross-directory
hardlinks in hammer2 and you do not use the flag the inodes for those
hardlinks will be consolidated at the root of the mount which will have
obvious performance issues and cause snapshots of subdirectories to be
imprecise because they won't cover the hardlink target.
* Represents a trade-off for a very difficult problem that I haven't been
able to solve. While HAMMER2 can easily calculate a common parent
directory for the hardlink target inode when hardlinks are created or
deleted or renamed, problems arise when a directory in the directory
path leading from that point to the hardlink is radically moved within
the larger directory hierarchy, breaking the ability for hammer2 to locate
the hardlink target using the above method.
Rather than force hardlinks to be stored in the root of the mount, which
reduces the usefulness of subdirectory snapshots, this new mechanism is
being added to give the sysop the ability to retain nearly all the
advantages of hardlinks without losing the ability to snapshot reasonable
subdirectory elements.

Disconnect hostapd from building in base2015-07-17T22:23:10ZJohn Marinodraco@marino.stJohn Marinodraco@marino.st2015-07-17T22:23:10Zhttp://gitweb.dragonflybsd.org/dragonfly.git/commitdiff/e191bdcb8e772c038df688c4d50fa7f3c9f61562

Disconnect hostapd from building in base
There is insufficient reason to have hostapd in base at all. Moveover,
this version is three releases behind and probably has several security
vulnerabilities. Users that need a wifi access point should install
net/hostapd instead which the latest release and patched for known
security issues.
approved-by: dillon

i386 removal, part 1/x: Remove 'real' APM and associated stuff.
Notes:
* 'apm' is now an alias for 'acpiconf -i 0', because some people got used
to checking their battery status typing 'apm'.
* powerd(8) recently gained the ability to shut down on low battery. Any
remaining functionality from the former battd(8) could be added to it.